6910367 IPV6_SEC_OPT setsockopt() call in cvcd(1M) failed with ENOENT during network initialization

author: Dan McDonald <danmcd@sun.com> 2009-12-24 15:39:34 -0500
committer: Dan McDonald <danmcd@sun.com> 2009-12-24 15:39:34 -0500
commit: 7a17cfad7ff3427e1ce7ecdbf566e442a7025ec9 (patch)
tree: c2949609755588ea3efe3909522548b51549a468
parent: 06f61b77bc179f185bf19957b30740c246a13c0d (diff)
download: illumos-joyent-7a17cfad7ff3427e1ce7ecdbf566e442a7025ec9.tar.gz
1 files changed, 13 insertions, 3 deletions
diff --git a/usr/src/cmd/sckmd/sparc/sun4u/sckmd.c b/usr/src/cmd/sckmd/sparc/sun4u/sckmd.c
index 82f692fe6a..99ed3e9740 100644
--- a/usr/src/cmd/sckmd/sparc/sun4u/sckmd.c
+++ b/usr/src/cmd/sckmd/sparc/sun4u/sckmd.c
@@ -19,12 +19,10 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
 /*
  * sckmd - Starcat Key Management Daemon
  *
@@ -136,6 +134,18 @@ main(int argc, char **argv)
 
 	sckmd_log(LOG_DEBUG, "starting sckmd...\n");
 
+	/*
+	 * IPsec must get loaded in-kernel.  The easiest way to do this is
+	 * to open (then close) a PF_KEY socket.
+	 */
+	if ((keysock = socket(PF_KEY, SOCK_RAW, SCKMD_CURR_PFKEY_VER)) == -1) {
+		sckmd_log(LOG_DEBUG, "PF_KEY open for IPsec load failed: %s\n",
+		    strerror(errno));
+		exit(1);
+	}
+	(void) close(keysock);
+	sckmd_log(LOG_ERR, "PF_KEY socket for IPsec load succeeded.\n");
+
 	/* must be root */
 	if (geteuid() != 0) {
 		sckmd_log(LOG_ERR, "must run as root\n");
author	Dan McDonald <danmcd@sun.com>	2009-12-24 15:39:34 -0500
committer	Dan McDonald <danmcd@sun.com>	2009-12-24 15:39:34 -0500
commit	7a17cfad7ff3427e1ce7ecdbf566e442a7025ec9 (patch)
tree	c2949609755588ea3efe3909522548b51549a468
parent	06f61b77bc179f185bf19957b30740c246a13c0d (diff)
download	illumos-joyent-7a17cfad7ff3427e1ce7ecdbf566e442a7025ec9.tar.gz